FragmentSmack is a known Denial of Service Attack (DoS) which takes advantage of TCP fragmentation. An attacker sends small packets of data made wherein they fail to reassemble at the receiving end due to intentional missing fragments. The result is that the system will try to reassemble the packets effectively clogging the system, making the CPU reach a maximum utilization level thus making the system freeze.

When weaponized, attackers can disable systems by sending 8-byte sized IP fragments that have random starting offsets and no final fragments.

Of course not all systems can be immediately updated due to policy and other concerns. Microsoft recommends a workaround by disabling packet reassembly which can be done with the following commands:

Netsh int ipv4 set global reassemblylimit=0

Netsh int ipv6 set global reassemblylimit=0

The commands will drop any packets that are out of order. This will slow the system down a little due to losses and resends but it’s the best choice for administrators who have for some reason need to put off patching. The problem isn’t exclusive to Windows as this was first discovered in Linux distributions that use kernel 3.9 and above. The problem has since been patched and Windows users need to do the same.

Security products such as Checkpoint are also affected so until Checkpoint also comes up with a patch, Microsoft’s temporary solution is the way to go.

Remote-Piloted JET

Speaking of the September 2018 Patch Tuesday, what Microsoft failed to include was a patch for their JET (Joint Engine Technology) Database Engine vulnerability. The technology is present in many Microsoft products including Microsoft Access and Visual Basic and like the previous vulnerability, goes way back to previous versions of Windows.

This vulnerability can allow attackers to remotely execute code, which makes it more dangerous than FragmentSmack. JET apparently has an index management problem which is successfully exploited, can result in out-of-bounds memory write, to which attackers can inject code and perform remote execution.
Zero-Day Initiative had no choice but to disclose this vulnerability as it wasn’t included in Patch Tuesday and is past its 120-day deadline.

Photo by Tadas Sar on Unsplash

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Windows FragmentSmack — Patch or Die appeared first on Hack Ware News.